New indicator via API

jkougoulos · ‎01-05-2024

Hello,

I am trying from an external script in python to create an indicator in FortiSOAR 7.4.2, and I am bit stuck on how to define the indicator type which is basically a picklist.

How would I formulate in the payload the reference to the item in the picklist?

So far, I have tried the following payloads (and various variations) unsuccessfully; it looks like the API call tries to create (in some cases successfully) both the indicator but also a new IndicatorType (if I omit the uuid)

payload = {

"typeofindicator": "Domain",

"value": indicator_value,

"recordTags" : [ "mytag" ],

"description" : ioc_descr,

"lastSeen" : lastseen,

"firstseen" : firstseen,

"expiryDate" : expirydate

}

payload = {

"typeofindicator": {

"itemValue" : "Domain",

"listName": "/api/3/picklist_names/50ee5bfa-e18f-49ba-8af9-dcca25b0f9c0",

"uuid" : "5a5a7d42-be27-4903-858a-19909ebfa1eb"

},

"value": indicator_value,

"recordTags" : [ "mytag" ],

"description" : ioc_descr,

"lastSeen" : lastseen,

"firstseen" : firstseen,

"expiryDate" : expirydate

}

AlokAgar · ‎01-07-2024

You can use in following format.

{

"value":"indicator_value",

"typeofindicator": {"picklistName":"IndicatorType", "picklistValue":"Domain"}

}

View solution in original post

AlokAgar · ‎01-07-2024

You can use in following format.

{

"value":"indicator_value",

"typeofindicator": {"picklistName":"IndicatorType", "picklistValue":"Domain"}

}

jkougoulos · ‎01-08-2024

thanks a lot, this worked!